github.com/silveraid/fabric-ca@v1.1.0-preview.0.20180127000700-71974f53ab08/docs/source/clientconfig.rst (about) 1 Fabric-CA Client's Configuration File 2 ====================================== 3 4 :: 5 6 7 ############################################################################# 8 # This is a configuration file for the fabric-ca-client command. 9 # 10 # COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES 11 # ------------------------------------------------ 12 # Each configuration element can be overridden via command line 13 # arguments or environment variables. The precedence for determining 14 # the value of each element is as follows: 15 # 1) command line argument 16 # Examples: 17 # a) --url https://localhost:7054 18 # To set the fabric-ca server url 19 # b) --tls.client.certfile certfile.pem 20 # To set the client certificate for TLS 21 # 2) environment variable 22 # Examples: 23 # a) FABRIC_CA_CLIENT_URL=https://localhost:7054 24 # To set the fabric-ca server url 25 # b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem 26 # To set the client certificate for TLS 27 # 3) configuration file 28 # 4) default value (if there is one) 29 # All default values are shown beside each element below. 30 # 31 # FILE NAME ELEMENTS 32 # ------------------ 33 # The value of all fields whose name ends with "file" or "files" are 34 # name or names of other files. 35 # For example, see "tls.certfiles" and "tls.client.certfile". 36 # The value of each of these fields can be a simple filename, a 37 # relative path, or an absolute path. If the value is not an 38 # absolute path, it is interpretted as being relative to the location 39 # of this configuration file. 40 # 41 ############################################################################# 42 43 ############################################################################# 44 # Client Configuration 45 ############################################################################# 46 47 # URL of the Fabric-ca-server (default: http://localhost:7054) 48 url: <<<URL>>> 49 50 # Membership Service Provider (MSP) directory 51 # This is useful when the client is used to enroll a peer or orderer, so 52 # that the enrollment artifacts are stored in the format expected by MSP. 53 mspdir: 54 55 ############################################################################# 56 # TLS section for secure socket connection 57 # 58 # certfiles - PEM-encoded list of trusted root certificate files 59 # client: 60 # certfile - PEM-encoded certificate file for when client authentication 61 # is enabled on server 62 # keyfile - PEM-encoded key file for when client authentication 63 # is enabled on server 64 ############################################################################# 65 tls: 66 # TLS section for secure socket connection 67 certfiles: 68 client: 69 certfile: 70 keyfile: 71 72 ############################################################################# 73 # Certificate Signing Request section for generating the CSR for 74 # an enrollment certificate (ECert) 75 # 76 # cn - Used by CAs to determine which domain the certificate is to be generated for 77 # names - A list of name objects. Each name object should contain at least one 78 # "C", "L", "O", "OU", or "ST" value (or any combination of these). These values are: 79 # "C": country 80 # "L": locality or municipality (such as city or town name) 81 # "O": organisation 82 # "OU": organisational unit, such as the department responsible for owning the key; 83 # it can also be used for a "Doing Business As" (DBS) name 84 # "ST": the state or province 85 # hosts - A list of space-separated host names which the certificate should be valid for 86 # 87 # NOTE: The serialnumber field below, if specified, becomes part of the issued 88 # certificate's DN (Distinguished Name). For example, one use case for this is 89 # a company with its own CA (Certificate Authority) which issues certificates 90 # to its employees and wants to include the employee's serial number in the DN 91 # of its issued certificates. 92 # 93 # WARNING: This serialnumber field should not be confused with the certificate's 94 # serial number which is set by the CA but is not a component of the 95 # certificate's DN. 96 ############################################################################# 97 csr: 98 cn: <<<ENROLLMENT_ID>>> 99 serialnumber: 100 names: 101 - C: US 102 ST: North Carolina 103 L: 104 O: Hyperledger 105 OU: Fabric 106 hosts: 107 - <<<MYHOST>>> 108 ca: 109 pathlen: 110 pathlenzero: 111 expiry: 112 113 ############################################################################# 114 # Registration section used to register a new identity with fabric-ca server 115 # 116 # name - Unique name of the identity 117 # type - Type of identity being registered (e.g. 'peer, app, user') 118 # affiliation - The identity's affiliation 119 # maxenrollments - The maximum number of times the secret can be reused to enroll. 120 # Specially, -1 means unlimited; 0 means disabled 121 # attributes - List of name/value pairs of attribute for identity 122 ############################################################################# 123 id: 124 name: 125 type: 126 affiliation: 127 maxenrollments: -1 128 attributes: 129 # - name: 130 # value: 131 132 ############################################################################# 133 # Enrollment section used to enroll an identity with fabric-ca server 134 # 135 # profile - Name of the signing profile to use in issuing the certificate 136 # label - Label to use in HSM operations 137 ############################################################################# 138 enrollment: 139 profile: 140 label: 141 142 ############################################################################# 143 # Name of the CA to connect to within the fabric-ca server 144 ############################################################################# 145 caname: 146 147 ############################################################################# 148 # BCCSP (BlockChain Crypto Service Provider) section allows to select which 149 # crypto implementation library to use 150 ############################################################################# 151 bccsp: 152 default: SW 153 sw: 154 hash: SHA2 155 security: 256 156 filekeystore: 157 # The directory used for the software file-based keystore 158 keystore: msp/keystore